The Insight Adv Ltd blog - Insight adv - creative solutions

What is meant by Privacy Policy

What a privacy policy is, why every website should adopt a disclosure that clearly illustrates how user data is collected, used and managed, and what penalties are foreseen in case of failure to comply with the GDPR.

Those who manage blogs, e-commerce or Internet sites have a fixed idea: adapting to the GDPR and drafting the website's privacy policy. But why is it necessary to draw up a document that clearly illustrates how data is collected and managed and, above all, what must it contain? What should you write in the privacy policy, and how do you create one?

We have tried to answer these and other questions in this article.

What is the privacy policy?

When you surf the internet, you leave personal data such as name, surname and address, but also much other information that can make you identifiable and allow your behavior on the internet to be tracked. In recent years, the European and Italian legislators have paid particular attention to the collection, and more generally to the processing, of data on user behavior for the purpose of profiling by websites. The European Parliament has regulated the matter with the General Data Protection Regulation (GDPR 2016/679) which, among its various obligations, requires that an adequate privacy policy be drawn up and provided to interested parties.

Privacy policy: the meaning

The privacy policy is a document that indicates precisely how personal data is processed by whoever collects it. The information must be as detailed as possible, so that users are aware of how their personal data is being processed and, where necessary, so that they can freely express explicit and informed consent.

What is the GDPR?

The General Data Protection Regulation 2016/679 (GDPR), in 99 articles and 173 recitals, regulates and harmonises the European legislation on data protection and privacy. The Regulation was published in the European Official Journal on 4 May 2016 and entered into force on 25 May 2018. From this date, compliance with the GDPR has therefore become mandatory for all Member States of the European Union.

The regulation establishes that personal data must be processed only after having adequately informed the interested party, who must know how the data is collected and used and any risks associated with its processing. It is not a question of a simple right to the protection of personal data, already established by directive 95/46, but of a proprietary vision of the data in which informational self-determination is the cardinal principle.

Hence also the importance for every blog, site or e-commerce manager to have a document on the privacy policy of his site that is as clear and exhaustive as possible and to ensure that all his Internet sites are compliant with the GDPR.

Features of the privacy policy

The information is addressed to the user and aims to inform them, in particular, about the purposes and methods of the data processing carried out by the data controller. It must therefore be clear, exhaustive and as detailed as possible; in particular, it must indicate the details of the data controller and, where appointed, of the DPO, the type of data processed, the purposes and legal basis of the processing, the rights of the interested party, and the retention time.

In a nutshell, the main contents of the privacy policy must be as follows:

  • the data controller and, where appointed, the data protection officer;
  • the personal data being processed;
  • the purposes of the processing;
  • the legal basis of the processing;
  • the recipients;
  • transfers of personal data (especially if to non-EU countries);
  • methods and retention period;
  • the rights of the interested party.

Who should write the privacy policy

The Data Controller must write the information on the privacy policy.

The disclosure must be as relevant as possible to the specific case, i.e. tailor-made for the website and not "copied". This is why it is advisable to rely on professionals in the field.

The obligation of the privacy policy

The privacy policy is an indispensable document for every website through which personal data is collected and processed. It is an obligation and not a choice, because managing the data of one's visitors is on the one hand important from a professional point of view and on the other expressly regulated. Collecting, storing and analyzing personal data and information is a fundamental activity for a web marketer because it allows you to study and implement extremely personalized, and therefore effective, campaigns. But it is equally important to be responsible for this processing and to carry it out in full compliance with the privacy rules and the fundamental freedoms of the third parties who visit a web page.

This is the logic of accountability, i.e. the correct organization and mandatory traceability of tracking activities. Anyone who does not ensure correct data management and collection runs the risk of fines.

Fines: what happens if a site does not have a privacy policy

The GDPR provides for fines of up to 20 million euros in case of violation of personal data and, to verify compliance with the law.

The sanctions are divided into two brackets, which are triggered according to the type of violation and the seriousness of the conduct:

  • the first reaches up to a maximum of 10 million euros or 2% of turnover if this is higher;
  • the second reaches up to a maximum of 20 million or 4% of turnover if this is higher.

Templates and examples of privacy policies

To write an effective privacy policy, my advice is to research and inform yourself as much as possible through professional and competent figures and rely on experts, if necessary, and to avoid referring to ready-made privacy policy templates that you can find online.

Create privacy policy with WordPress

WordPress is probably one of the most famous Content Management Systems (CMS) and also offers support for creating privacy policies. In fact, in the Privacy section of the menu, it is possible to find a standard model of privacy policy for websites that can be modified and customized. The CMS offers complete guides for drafting valid privacy policies with numerous dedicated plugins. This, however, will never give the absolute certainty of having a correct privacy policy, nor of avoiding the risk of fines.

However, my advice is not to blindly rely on this model, but always seek the help of experts. Only by relying on competent figures can you be sure of having a correct privacy policy and avoid the risk of fines.

Privacy and Cookie Policy

In terms of protection, we often talk about cookies; let's try to clarify what cookies are.

To simplify, they can be described as small text files saved in the browser while browsing the site, and they are mainly divided into two types:

  • first-party cookies – those saved on the domain in which the user is browsing;
  • third-party cookies – those saved on a domain other than the one visited by the user.

Based on the applicable legislation, the express consent of the user is not always required for the use of cookies. In particular, "technical cookies", i.e. those used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user, do not usually require this consent. In other words, these are cookies that are essential for the site to function or necessary to perform activities requested by the user.

For "profiling cookies", on the other hand, i.e. those aimed at creating user profiles and used to send advertising messages in line with the preferences expressed by the user while surfing the net, the prior consent of the user is usually required, depending on the applicable legislation.

On the privacy side, attention has focused precisely on profiling cookies, prompting major browsers such as Firefox, Edge and Safari to abandon them, and Google Chrome to propose a gradual process of elimination that will run until 2023.

Based on European legislation and the recent EDPB guidelines on consent, in order for the use of cookies to be considered legitimate, broadly speaking, it is necessary that:

  1. suitable information on their use is provided to users;
  2. in the absence of specific consent from the user, only technical cookies are activated;
  3. the activation of analytical and profiling cookies takes place only after the user has given specific consent;
  4. access to the services and functions of the site is not made conditional on the user's consent through a so-called cookie wall, i.e. the screen (a wall, in fact) that appears in front of visitors to a site and imposes the obligation to accept all cookies before they can access the desired web service.

With reference to point 3, it is also important to underline that actions such as scrolling a page, unlike what happened before the guidelines referred to above were issued, can no longer be interpreted as a positive manifestation of consent and therefore considered valid. These actions, in fact, can be difficult to distinguish from other activities that a user performs on the site and therefore cause confusion about whether consent has actually been granted. An unequivocal positive action is therefore necessary, such as, for example, clicking an "Accept" button.
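The four conditions above and the scrolling rule can be expressed as a small consent gate. This is an added example, not code from the original post: the cookie names, domains, event shapes and the `createConsentGate` helper are all constructed for illustration, and the category assigned to each cookie is assumed to come from the site's own cookie inventory.

```javascript
// Added illustration; cookie names, domains and event shapes are constructed.
const TECHNICAL = "technical";
const CONSENT_CATEGORIES = new Set(["analytics", "profiling"]);

const SAMPLE_COOKIES = [
  { name: "session_id", domain: "shop.example", category: "technical" },
  { name: "cart", domain: "www.shop.example", category: "technical" },
  { name: "_stats", domain: "shop.example", category: "analytics" },
  { name: "ad_uid", domain: "ads.tracker.example", category: "profiling" },
  { name: "mystery", domain: "cdn.other.example", category: undefined },
];

function createConsentGate(siteDomain) {
  const granted = new Set(); // categories the user explicitly accepted

  return {
    // Only an unequivocal action on the consent UI changes state.
    // Scrolling, mouse movement or navigation are deliberately ignored.
    handleEvent(evt) {
      if (evt.type !== "click") return false;
      if (evt.target === "accept") {
        for (const c of evt.categories || []) {
          if (CONSENT_CATEGORIES.has(c)) granted.add(c);
        }
        return true;
      }
      if (evt.target === "reject" || evt.target === "withdraw") {
        granted.clear();
        return true;
      }
      return false;
    },
    // First-party: the cookie domain is the site domain or a subdomain of it.
    party(cookie) {
      const d = cookie.domain.toLowerCase();
      return d === siteDomain || d.endsWith("." + siteDomain) ? "first" : "third";
    },
    // Technical cookies never need consent; uncategorised cookies fail closed.
    mayActivate(cookie) {
      if (cookie.category === TECHNICAL) return true;
      return granted.has(cookie.category);
    },
    activeNames(cookies) {
      return cookies.filter((c) => this.mayActivate(c)).map((c) => c.name);
    },
  };
}
```

The gate never blocks access to the site itself, so there is no cookie wall: a visitor who ignores or rejects the banner simply keeps the technical cookies only.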

In conclusion, we must not underestimate the importance of adapting to the European regulation on data protection, nor panic
